Earlier this week, reports of a major security breach at LinkedIn surfaced as 6.5 million member passwords were uploaded to a Russian hacker website. On the network’s blog, the company confirmed that such allegations were true.
PCWorld notes that of the compromised passwords, more than 200,000 have reportedly been cracked. To stop the breach from spreading further, LinkedIn announced some steps that its 161 million worldwide users should take to keep their accounts safe:
- Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
- These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.
- These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.
Note that this breach can impact users beyond the realm of LinkedIn’s site. In a recent article in the Washington Post, Graham Cluley, a consultant with U.K. Web security company Sophos, stated that users who use the same password on more than one website should be concerned about other accounts and services being hacked. These passwords should be more robust and must be changed immediately. For tips on creating a stronger password, visit our post “New Ways to Beef Up Your Online Security Management.”
Cluley also warned that LinkedIn users should be wary of phishing attacks that use malicious emails crafted around the incident. According to the Washington Post, “The fear is that people, after hearing about the incident, would be tricked into clicking on links in those emails. Instead of getting to the real LinkedIn site to change a password, it would go to a scammer, who can then collect the information and use it for criminal activities.” Yours truly received an e-mail just like the one Cluley described hours after the story broke. The image is screenshotted below for your information.
If you are unsure whether your account was impacted by the breach, you can use a secure tool from the password management firm LastPass, according to Mashable. For the latest tips on keeping your LinkedIn account secure, visit our How-To section on Managing Your LinkedIn Private Settings.